ogt-cli-agent
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill is designed to facilitate the execution of developer-focused CLI tools (`gemini`, `claude`, `opencode`, `codex`) via `bash`. While it uses high-privilege modes like `pty:true` and `background:true`, these are standard for interactive terminal applications and align with the skill's stated purpose of programmatic coding assistance.
- PROMPT_INJECTION (LOW): Indirect Prompt Injection surface. The skill ingests untrusted data from both the user (via `command` strings) and the local environment (via `workdir` and file access) and passes it to external LLM-powered agents.
  - Ingestion points: The `command` parameter in bash calls and the files processed within the specified `workdir` (e.g., `~/project`).
  - Boundary markers: No specific delimiters or "ignore instructions" warnings are utilized in the provided examples to separate system instructions from processed data.
  - Capability inventory: The skill allows for full `bash` execution, pseudo-terminal (pty) access, and background process management across multiple coding agents.
  - Sanitization: No input sanitization or validation of the commands or code being processed is performed by the skill itself.
- EXTERNAL_DOWNLOADS (SAFE): The skill's metadata requires specific binaries (`claude`, `codex`, `opencode`, `gemini`, `pi`). These are references to well-known tools from trusted organizations (Google, Anthropic, Microsoft) and the skill does not attempt to download them from untrusted sources at runtime.
Audit Metadata